6️⃣ #ETHERNAUT #level_6 #Delegation

must solve this challenge using cast and call the challenge contract :

cast send $CHALLENGE_CONTRACT_ADDRESS "pwn()" --rpc-url $RPC_URL --private-key $PRIVATE_KEY

but i wrote the Solidity Code too,

🥷🍷 <Happy Hacking/>

7️⃣ #ETHERNAUT #level_7 #Force

🥷🍷 <Happy Hacking/>

8️⃣ #ETHERNAUT #level_8 #Vault

you can access the private variables using cast :

cast storage $CHALLENGE_CONTRACT_ADDRESS 1 --rpc-url $RPC_URL

🥷🍷 <Happy Hacking/>

9️⃣ #ETHERNAUT #level_9 #King

🥷🍷 <Happy Hacking/>

🔟 #ETHERNAUT #level_10 #Re_entrancy

🥷🍷 <Happy Hacking/>

1️⃣1️⃣ #ETHERNAUT #level_11 #Elevator

🥷🍷 <Happy Hacking/>

1️⃣2️⃣ #ETHERNAUT #level_12 #Privacy

you can access the private variables using cast :

cast storage $CHALLENGE_CONTRACT_ADDRESS 5 --rpc-url $RPC_URL

🥷🍷 <Happy Hacking/>

🔑 Smart Contract Obfuscation Techniques

1️⃣ https://titan.csit.rmit.edu.au/~e13322/hai_dong/papers/Bian_TSE2022.pdf
2️⃣ https://www.mecs-press.org/ijmsc/ijmsc-v8-n3/IJMSC-V8-N3-3.pdf
3️⃣ https://degatchi.com/articles/smart-contract-obfuscation/

📦 Transient Storage

1️⃣ https://hackernoon.com/transient-storage-ethereums-game-changing-feature
2️⃣ https://etherworld.co/2022/12/13/transient-storage-for-beginners/
3️⃣ https://soliditylang.org/blog/2024/01/26/transient-storage/
4️⃣ https://youtu.be/0-hiB5I39Mk?si=-0qy3ZeiuW_L9D8p
5️⃣ https://solidity-by-example.org/transient-storage/
6️⃣ https://www.evm.codes/#5c?fork=cancun

⚒ Best Smart Contract Development Toolkits ( i think )

1️⃣ Foundry
- 🐈‍⬛ https://github.com/foundry-rs/foundry
- 📚 https://book.getfoundry.sh/

2️⃣ Hardhat
- 🐈‍⬛ https://github.com/NomicFoundation/hardhat
- 📚 https://hardhat.org/hardhat-runner/docs/getting-started

🤖 useful AI

1️⃣ Phind : https://www.phind.com
2️⃣ ChatGPT : https://chatgpt.com/
3️⃣ ChainGPT : https://app.chaingpt.org/

started with solidity, played CTF/Challenge(s) such as HTB & Ethernaut (playing until death 🫡), Learned many things and at this point, i want to start Auditing on the past CodeHawks's First Flights 🦅✈️ and i want to write report at the specified time, then want to check other auditor's submission and compare with myself. hope to learn many things 🥷

🍷 Enjoy The Road

🦅✈️ First Flight 1️⃣
https://www.codehawks.com/contests/clnuo221v0001l50aomgo4nyn


🔴 [HIGH-0] user can access the value of s_password and s_owner variables beacuse of the storage layout. we can get the value and decode them.

cast storage $CONTRACT_ADDRESS 0 # s_owner
cast storage $CONTRACT_ADDRESS 1 # s_password

🔴 [HIGH-1] there is not any limit on setPassword() function. user can access the setPassword() function without any limit and can change the value of s_password;


⚪️ [INFO-0] should declare errors out of the contract ( make them global )
⚪️ [INFO-1] should change the name of errors.


🍷 Learned :
1️⃣ sensitive variables mustn't have the default value during deploying. deployer must pass the value to constructor and set the new value there.

📜 About Remappings in foundry ( something like alias )

🔗 https://book.getfoundry.sh/projects/dependencies#remapping-dependencies

🪖 Glider

1️⃣ Hexens Secureum Workshop
2️⃣ JohnnyTime YT Video
3️⃣ Owen YT Video [1] - [2]
4️⃣ daily-glider
5️⃣ Glider Gitbook
6️⃣ Kasper Zwijsen
7️⃣ Officer CIA
8️⃣ rxyz's YT